Plaintiffs leased (and then purchased) their computer from Aspen Way, a franchisee of Aaron’s. Many of the computers leased by Aspen Way reportedly had a piece of software called “PC Rental Agent” installed on them. This software was designed (by DesignerWare) to purportedly “assist rental companies in the recovery of lost or stolen computers.” One feature of this program allowed for the remote capture or recordation of “keystrokes, screenshots, and photographers” from a computer it was installed on.

Crystal and Brian Byrd received a visit from someone who by mistake sought to repossess the laptop which they had purchased from Aspen Way. The repo man showed the Byrds a picture of Brian which was taken from the webcam of the Byrds’ computer. The Byrds called the police, who came to investigate. The police took the Byrds’ computer (presumably for investigative purposes).

The Byrds sued Aaron’s, Aspen Way, Aaron’s, and DesignerWare, alleging violations of the Wiretap Act and the Computer Fraud and Abuse Act. They sought an injunction seeking four different items of relief, but resolved the bulk of the issues, leaving for the court the sole issue of whether the court should enjoin “suspension of the Detective Mode of the PC Rental Agreement.”

Somewhat surprisingly, the court denies the request for injunctive relief. At oral argument, plaintiffs argued that irreparable harm was a given:

I can’t imagine anything more obvious than this prong. You have literally thousands of people who are sitting at their computers right now who have this program on it where detective mode may be enabled today, tomorrow, at any time, and this information, private information, can flow from their kitchen table through the server in Erie and back to the people who they don’t know in these local stores. I don’t know when a trial will be set in this case, but I do know that this is–there will be irreparable harm if this information, private information will be distributed.

The court finds that because plaintiffs’ laptop was no longer in their possession, there is no showing of ongoing irreparable harm as to plaintiffs. With respect to other potential members of the class, the court finds that

it is purely conjecture that the other members of the putative class will be subjected to remote access of personal information.

The court cites to the testimony of the co-owner of DesignerWare that only eleven computers were transmitting information to Aaron’s franchises. (Roughly 80 to 100 computers are supposedly reported “stolen” from Aaron’s in any given month.) Plaintiffs also submitted the testimony of a former employee of Aspen Way, who was a sales manager and testified that she witnessed Aspen Way employees viewing personal information of Aspen Way customers (including bank accounts, names, addresses, and social security numbers). The court rejects this evidence, finding that it does not speak to the current practices of the particular franchise in question and is thus not relevant to the irreparable harm analysis.

While it is permissible to grant injunctive relief based on the type of testimony adduced by plaintiffs and in protection of as-yet-unnamed class members, the court declines to do so in this case. Along the way, the court drops a footnote, expressing some skepticism as to the merits of the case. The court notes that it’s entirely unclear that the information collection at issue constitutes an “electronic communication,” because there is no evidence that Mr. Byrd was “online” when the information was collected. The court also says it has “grave doubts” as to whether the communications “affected . . . interstate or foreign commerce.” The court also states that it is unclear as to whether the Wiretap Act reaches a person’s “communication with his own computer.”

__

Yikes! Privacy class actions seem out of control to me, but I’ll admit even I was surprised by this result. I’m equally surprised that the Aaron’s-affiliated defendants did not all just stipulate to suspending use of the software until things were sorted out. (Aarons, Inc. did, but its franchisee Aspen Way did not. In fact, Aspen Way did not participate in the hearing, which makes the denial of injunctive relief all the more perplexing.) Setting aside whether the court was correct in its view of the merits of the case, the court takes an unduly restrictive view of the facts when it states that no “interception” of an electronic communication occurred because there was no evidence that Mr. Byrd was online or communicating with someone else when the image in question was captured. Surely, given the ex-employee’s testimony as to what type of information was viewed through use of the software, it’s fair to presume that the Aspen Way employees are not sitting around making sure that the capture only occurred while the computer user was offline or not communicating with another person. The court’s skepticism about whether the communications in question affected interstate commerce also seems off-base. The communications of Aspen Way customers probably traveled halfway around the world, even if they were transmitted between computers that were in the same city.

This is not to say that it should be an easy path to finding liability for all defendants. DesignerWare developed the software in question, and it’s far from clear that it should face liability as a developer/vendor for what may turn out to be the errant acts of Aspen Way employees. (See the SpectorSoft keylogger case: “Keylogger Software Company Not Liable for Eavesdropping by Ex-spouse — Hayes v. SpectorSoft.”) Similarly, it’s also unclear as to whether Aaron’s Inc. should face liability for the CFAA and Wiretap Act violations of Aspen Way employees or for the acts of its franchisee. Courts are mixed on whether you can even assert a derivative claim under the CFAA. Regardless, both claims will probably require some showing of knowledge on the part of Aaron’s Inc., the deep pocketed defendant.